================================================
aVTC Test "2002-12" (File 6dDOS.TXT):
------------------------------------------------
Detailed results of Boot, File, Macro and Script
Virus related on-demand scanner tests under DOS:
================================================
(Formatted with non-proportional font: Courier)

The following *13* products (versions) participated in this part
of VTC test "2002-12" (for details of related AV products: see
A2SCNLS.txt):
=========================================
AVA v(def): V7.70
AVG v(def): 6.0
AVP v(def): 3.0 build 135
CMD v(def): 4.62.4
DRW v(def): 4.26
FPR v(def): 3.11b
INO v(def): 6.0 n(s)
MR2 v(def): 1.20
NAV v(def): corporate edition 14.12.
NVC v(def): 5.30.02
RAV v(def): 8.1.001 engine 8.5
SCN v(def): 4.16.0
VSP v(def): 12.34.1
=========================================

The following tables summarize detection and identification quality
concerning boot, file, macro and script viruses as well as selected
file, macro and script malware, both in full "zoo" virus collection
and for viral In-The-Wild testbeds, under DOS. Moreover, results for
detection of In-The-Wild viruses in objects compressed with 6 popular
packing methods are also given.

Finally, a special test was performed concerning "false positive"
virus detection of selected files which were deliberately chosen from
available CD-ROMs and which were definitively clean of viruses.

For discussion of results, see 7EVALDOS.txt. As usual, results may be
influenced by problems experienced during tests; such problems are
documented in 8PROBLMS.TXT.

Index of tables:
----------------
DOS.B2:  "BootVirus 2": Results of "In-The-Wild" test for boot viruses
DOS.F1:  "FileVirus 1": Results of "full" Zoo test for file viruses
DOS.F2:  "FileVirus 2": Results of "In-The-Wild" test for file viruses
DOS.F3V: "Comparison of Detection Rate of Packed Viruses":
         Results of Detection Rate of ITW file viruses packed with
         PKZIP, LHA, ARJ, RAR, WinRAR 2.9 and CAB
DOS.F3F: "Comparison of Detection Rate of Packed Viral Objects":
         Results of Detection Rate of infected ITW file objects
         packed with PKZIP, LHA, ARJ, RAR, WinRAR 2.9 and CAB
DOS.F3a: "PKZIP-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with PKZIP
DOS.F3b: "LHA-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with LHA
DOS.F3c: "ARJ-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with ARJ
DOS.F3d: "RAR-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with RAR
DOS.F3e: "WINRAR-Packed Macro Viruses":
         Results of Detection of ITW File Viruses Packed with WINRAR 2.9
DOS.F3f: "CAB-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with CAB
DOS.F4:  "False Positive" File Virus Detection:
         Results of "full" Zoo test for non-viral (clean) file
         objects detected as "false positives"
DOS.F5:  "File-Malware": Results of "full" Zoo test for file-related
         (non-viral) malware
DOS.M1:  "MacroVirus 1": Results of "full" Zoo test for macro viruses
DOS.M2:  "MacroVirus 2": Results of "In-The-Wild" test for macro viruses
DOS.M3V: "Comparison of Detection Rate of Packed Viruses":
         Results of Detection Rate of ITW macro viruses packed with
         PKZIP, LHA, ARJ, RAR, WinRAR 2.0 and CAB
DOS.M3F: "Comparison of Detection Rate of Packed Viral Objects":
         Results of Detection Rate of infected ITW macro objects
         packed with PKZIP, LHA, ARJ, RAR, WinRAR 2.0 and CAB
DOS.M3a: "PKZIP-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with PKZIP
DOS.M3b: "LHA-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with LHA
DOS.M3c: "ARJ-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with ARJ
DOS.M3d: "RAR-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with RAR
DOS.M3e: "WINRAR-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with WINRAR 2.0
DOS.M3f: "CAB-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with CAB
DOS.M4:  "False Positive" macro virus detection:
         Results of "full" Zoo test for non-viral (clean) macro
         objects detected as "false positives"
DOS.M5:  "Macro-Malware": Results of "full" Zoo test for Macro-related
         (non-viral) malware
DOS.S1:  "ScriptVirus 1": Results of partial Zoo test for script
         viruses (esp. VBS and MIRC)
DOS.S2:  "ScriptVirus 2": Results of "In-The-Wild" test for script viruses
DOS.S5:  "Script-Malware": Results of "full" Zoo test for Script-related
         (non-viral) malware


Table DOS.B2: "BootVirus 2":
     Results of "In-The-Wild" Test for boot viruses:
====================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed      11  100.0%                                  149  100.0%
--------------------------------------------------------------------
AVA           7   63.6       0    0.0       1    9.1     100   67.1
AVG     *** no report - see problem list ***
AVP          11  100.0       0    0.0       0    0.0     149  100.0
CMD          11  100.0       0    0.0       0    0.0     149  100.0
DRW          11  100.0       0    0.0       0    0.0     149  100.0
FPR          11  100.0       0    0.0       0    0.0     149  100.0
INO           6   54.5       5   45.5       1    9.1      75   50.3
NAV          11  100.0       1    9.1       0    0.0     149  100.0
NVC          11  100.0       1    9.1       0    0.0     149  100.0
RAV     *** no report - see problem list ***
SCN          11  100.0       0    0.0       0    0.0     149  100.0
VSP          11  100.0       1    9.1       0    0.0     149  100.0
--------------------------------------------------------------------
Mean:             91.8%                                        91.7%
Mean (rate>10%):  91.8%                                        91.7%
--------------------------------------------------------------------
Remark: decimal ~ indicates that result is rounded:
        (100.~ up to 100.0%, 0.~ down to 0.0%).

Table DOS.F1: "FileVirus 1":
     Results of "full" Zoo Test for file viruses:
====================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed   21790  100.0%                               158747  100.0%
--------------------------------------------------------------------
AVA       21115   96.9     953    4.4     218    1.0  154423   97.3
AVG     ***** no report - see problem list ****
AVP       21783  100.~    1024    4.7       1    0.~  158701  100.~
CMD       21458   98.5     169    0.8      73    0.3  157448   99.2
DRW     ***** no report - see problem list ****
FPR       21526   98.8     194    0.9      43    0.2  157777   99.4
INO       20447   93.8     752    3.5     192    0.9  148568   93.6
MR2     ***** no report - see problem list ****
NAV       21432   98.4    2588   11.9     811    3.7  153002   96.4
NVC     ***** no report - see problem list ****
RAV       21065   96.7     770    3.5     331    1.5  153343   96.6
SCN       21752   99.8     968    4.4      46    0.2  158506   99.8
VSP       13418   61.6    3955   18.2    1447    6.6   89520   56.4
--------------------------------------------------------------------
Mean:             93.8%                                        93.2%
Mean (rate>10%):  93.8%                                        93.2%
--------------------------------------------------------------------

Table DOS.F2: "FileVirus 2":
     Results of "In-The-Wild" Test for file viruses:
====================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed      50  100.0%                                  442  100.0%
--------------------------------------------------------------------
AVA          50  100.0       7   14.0       4    8.0     435   98.4
AVG     *** no report - see problem list ***
AVP          50  100.0       6   12.0       0    0.0     442  100.0
CMD          49   98.0       4    8.0       3    6.0     433   98.0
DRW     *** no report - see problem list ***
FPR          49   98.0       4    8.0       3    6.0     433   98.0
INO          50  100.0       7   14.0       1    2.0     441   99.8
MR2          12   24.0       0    0.0       4    8.0     169   38.2
NAV          50  100.0      11   22.0       0    0.0     442  100.0
NVC          50  100.0       6   12.0       6   12.0     430   97.3
RAV          50  100.0       7   14.0       2    4.0     438   99.1
SCN          50  100.0       4    8.0       0    0.0     442  100.0
VSP           5   10.0       1    2.0       1    2.0     120   27.1
--------------------------------------------------------------------
Mean:             84.6%                                        86.9%
Mean (rate>10%):  92.0%                                        92.9%
--------------------------------------------------------------------

Table DOS.F3V: "Comparison of Detection Rate of Packed Viruses":
     Results of Detection Rate of ITW file viruses
     packed with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
================================================================
This includes Viruses detected per packer
--------------------------------------------------------------------------------------
           ARJ     %    CAB     %    LHA     %    RAR     % WinRAR 2.9 %    ZIP     %
--------------------------------------------------------------------------------------
Testbed     50 100.0%    50 100.0%    50 100.0%    50 100.0%    50 100.0%    50 100.0%
--------------------------------------------------------------------------------------
AVA          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
AVG          6  12.0      0   0.0      0   0.0      5  10.0      0   0.0      5  10.0
AVP         50 100.0     50 100.0     50 100.0     50 100.0      0   0.0     50 100.0
CMD         49  98.0     49  98.0     49  98.0     49  98.0      0   0.0     49  98.0
DRW         50 100.0     50 100.0      0   0.0     50 100.0      0   0.0     50 100.0
FPR         49  98.0     49  98.0     49  98.0     49  98.0      0   0.0     49  98.0
INO         48  96.0      0   0.0      0   0.0      0   0.0      0   0.0     47  94.0
MR2          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
NAV          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0     50 100.0
NVC         50 100.0      0   0.0      0   0.0      0   0.0      0   0.0     50 100.0
RAV         50 100.0     45  90.0      0   0.0     50 100.0     36  72.0     50 100.0
SCN         50 100.0     50 100.0     50 100.0     50 100.0      0   0.0     50 100.0
VSP          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
--------------------------------------------------------------------------------------
Mean:           61.9%        45.1%        30.5%        46.6%         5.5%        69.2%
Mean rate>10%:  89.3%        97.7%        99.0%        99.3%        72.0%        98.9%
--------------------------------------------------------------------------------------

Table DOS.F3F: "Comparison of Detection Rate of Packed Viral Objects":
     Results of Detection Rate of objects infected with ITW file
     viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
========================================================================
This includes Viral objects detected per packer
--------------------------------------------------------------------------------------
           ARJ     %    CAB     %    LHA     %    RAR     % WinRAR 2.9 %    ZIP     %
--------------------------------------------------------------------------------------
Testbed    442 100.0%   442 100.0%   442 100.0%   442 100.0%   442 100.0%   442 100.0%
--------------------------------------------------------------------------------------
AVA          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
AVG         80  18.1      0   0.0      0   0.0     69  15.6      0   0.0     67  15.2
AVP        442 100.0    442 100.0    442 100.0    442 100.0      0   0.0    442 100.0
CMD        433  98.0    433  98.0    433  98.0    433  98.0      0   0.0    433  98.0
DRW        442 100.0    442 100.0      0   0.0    442 100.0      0   0.0    442 100.0
FPR        433  98.0    433  98.0    433  98.0    433  98.0      0   0.0    433  98.0
INO        433  98.0      0   0.0      0   0.0      0   0.0      0   0.0    431  97.5
MR2          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
NAV          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0    442 100.0
NVC        430  97.3      0   0.0      0   0.0      0   0.0      0   0.0    430  97.3
RAV        438  99.1    328  74.2      0   0.0    435  98.4    177  40.0    438  99.1
SCN        442 100.0    442 100.0    442 100.0    442 100.0      0   0.0    442 100.0
VSP          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
--------------------------------------------------------------------------------------
Mean:           62.2%        43.9%        30.5%        46.9%         3.1%        69.6%
Mean rate>10%:  89.8%        95.0%        99.0%        99.1%        40.0%        98.8%
--------------------------------------------------------------------------------------

Table DOS.F3a: "PKZIP-Packed File Viruses":
     Results of Detection of ITW File Viruses Packed with PKZIP:
=================================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed      50  100.0%                                  443  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG           5   10.0       1    2.0       1    2.0      67   15.2
AVP          50  100.0       6   12.0       0    0.0     442  100.0
CMD          49   98.0       4    8.0       3    6.0     433   98.0
DRW          50  100.0       5   10.0       0    0.0     442  100.0
FPR          49   98.0       4    8.0       3    6.0     433   98.0
INO          47   94.0       4    8.0       2    4.0     431   97.5
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV          50  100.0      11   22.0       0    0.0     442  100.0
NVC          50  100.0       6   12.0       6   12.0     430   97.3
RAV          50  100.0       7   14.0       2    4.0     438   99.1
SCN          50  100.0       4    8.0       0    0.0     442  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean:             69.2%                                        69.6%
Mean (rate>10%):  98.9%                                        98.9%
--------------------------------------------------------------------

Table DOS.F3b: "LHA-Packed File Viruses":
     Results of Detection of ITW File Viruses Packed with LHA:
===============================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed      50  100.0%                                  443  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG           0    0.0       0    0.0       0    0.0       0    0.0
AVP          50  100.0       6   12.0       0    0.0     442  100.0
CMD          49   98.0       5   10.0       3    6.0     433   98.0
DRW           0    0.0       0    0.0       0    0.0       0    0.0
FPR          49   98.0       5   10.0       3    6.0     433   98.0
INO           0    0.0       0    0.0       0    0.0       0    0.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC           0    0.0       0    0.0       0    0.0       0    0.0
RAV           0    0.0       0    0.0       0    0.0       0    0.0
SCN          50  100.0       4    8.0       0    0.0     442  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean:             30.5%                                        30.5%
Mean (rate>10%):  99.0%                                        99.0%
--------------------------------------------------------------------

Table DOS.F3c: "ARJ-Packed File Viruses":
     Results of Detection of ITW File Viruses Packed with ARJ:
===============================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed      50  100.0%                                  443  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG           6   12.0       2    4.0       1    2.0      80   18.1
AVP          50  100.0       6   12.0       0    0.0     442  100.0
CMD          49   98.0       4    8.0       3    6.0     433   98.0
DRW          50  100.0       5   10.0       0    0.0     442  100.0
FPR          49   98.0       4    8.0       3    6.0     433   98.0
INO          48   96.0       4    8.0       2    4.0     433   98.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC          50  100.0       6   12.0       6   12.0     430   97.3
RAV          50  100.0       7   14.0       2    4.0     438   99.1
SCN          50  100.0       4    8.0       0    0.0     442  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean:             61.9%                                        62.2%
Mean (rate>10%):  89.3%                                        89.8%
--------------------------------------------------------------------

Table DOS.F3d: "RAR-Packed File Viruses":
     Results of Detection of ITW File Viruses Packed with RAR:
===============================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed      50  100.0%                                  443  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG           5   10.0       2    4.0       0    0.0      69   15.6
AVP          50  100.0       6   12.0       0    0.0     442  100.0
CMD          49   98.0       4    8.0       3    6.0     433   98.0
DRW          50  100.0       5   10.0       0    0.0     442  100.0
FPR          49   98.0       4    8.0       3    6.0     433   98.0
INO           0    0.0       0    0.0       0    0.0       0    0.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC           0    0.0       0    0.0       0    0.0       0    0.0
RAV          50  100.0       6   12.0       4    8.0     435   98.4
SCN          50  100.0       4    8.0       0    0.0     442  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean:             46.6%                                        46.9%
Mean (rate>10%):  99.3%                                        99.1%
--------------------------------------------------------------------

Table DOS.F3e: "WINRAR-Packed File Viruses":
     Results of Detection of ITW File Viruses Packed with WINRAR 2.9:
==================================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed      50  100.0%                                  443  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG           0    0.0       0    0.0       0    0.0       0    0.0
AVP           0    0.0       0    0.0       0    0.0       0    0.0
CMD           0    0.0       0    0.0       0    0.0       0    0.0
DRW           0    0.0       0    0.0       0    0.0       0    0.0
FPR           0    0.0       0    0.0       0    0.0       0    0.0
INO           0    0.0       0    0.0       0    0.0       0    0.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC           0    0.0       0    0.0       0    0.0       0    0.0
RAV          36   72.0       1    2.0      22   44.0     177   40.0
SCN           0    0.0       0    0.0       0    0.0       0    0.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean:              5.5%                                         3.1%
Mean (rate>10%):  72.0%                                        40.0%
--------------------------------------------------------------------

Table DOS.F3f: "CAB-Packed File Viruses":
     Results of Detection of ITW File Viruses Packed with CAB:
===============================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed      50  100.0%                                  443  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG           0    0.0       0    0.0       0    0.0       0    0.0
AVP          50  100.0       6   12.0       0    0.0     442  100.0
CMD          49   98.0       4    8.0       3    6.0     433   98.0
DRW          50  100.0       5   10.0       0    0.0     442  100.0
FPR          49   98.0       4    8.0       3    6.0     433   98.0
INO           0    0.0       0    0.0       0    0.0       0    0.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC           0    0.0       0    0.0       0    0.0       0    0.0
RAV          45   90.0       7   14.0       2    4.0     328   74.2
SCN          50  100.0       4    8.0       0    0.0     442  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean:             45.1%                                        43.9%
Mean (rate>10%):  97.7%                                        95.9%
--------------------------------------------------------------------

Table DOS.F4: "False Positive" file virus detection:
     Results of "full" Zoo test for non-viral (clean) file
     objects detected as "false positives":
=============================================================
         False positive
Scanner       detection
----------------------------------------------
Testbed     664  100.0%
----------------------------------------------
AVA           0    0.0
AVG     *** no report - see problem list ***
AVP           0    0.0
CMD           0    0.0
DRW     *** no report - see problem list ***
FPR           0    0.0
INO           0    0.0
MR2     *** no report - see problem list ***
NAV           0    0.0
NVC     *** no report - see problem list ***
RAV           0    0.0
SCN           0    0.0
VSP           0    0.0
----------------------------------------------

Table DOS.F5: "File-Malware":
     Results of "full" Zoo Test for File-related malware:
====================================================
This includes  Malware     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed    8001  100.0%                                18277  100.0%
--------------------------------------------------------------------
AVA        5980   74.7     234    2.9     462    5.8   13833   75.7
AVG     *** no report - see problem list ***
AVP        7899   98.7     776    9.7      40    0.5   18098   99.0
CMD        7248   90.6    3331   41.6     287    3.6   16142   88.3
DRW     *** no report - see problem list ***
FPR        7271   90.9    3348   41.8     289    3.6   16248   88.9
INO     *** no report - see problem list ***
MR2         730    9.1      39    0.5     183    2.3    1242    6.8
NAV        6241   78.0    1355   16.9     574    7.2   13261   72.6
NVC        6249   78.1    1614   20.2     402    5.0   14441   79.0
RAV        6890   86.1     411    5.1     403    5.0   15027   82.2
SCN        7430   92.9     687    8.6      76    0.9   17481   95.6
VSP        3056   38.2     547    6.8     213    2.7    4839   26.5
--------------------------------------------------------------------
Mean:             73.7%                                        71.5%
Mean (rate>10%):  80.9%                                        78.6%
--------------------------------------------------------------------

Table DOS.M1: "MacroVirus 1":
     Results of "full" Zoo Test for macro viruses:
====================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed    7306  100.0%                                25231  100.0%
--------------------------------------------------------------------
AVA        6780   92.8      68    0.9      88    1.2   23298   92.3
AVG        7167   98.1      59    0.8      15    0.2   24772   98.2
AVP        7304  100.~     134    1.8       1    0.~   25193   99.8
CMD        7302   99.9      62    0.8       4    0.1   25199   99.9
DRW        7263   99.4     172    2.4      15    0.2   25110   99.5
FPR        7303  100.~      63    0.9       4    0.1   25200   99.9
INO        7298   99.9     130    1.8       6    0.1   25204   99.9
MR2        2769   37.9     834   11.4      78    1.1    8117   32.2
NAV        7290   99.8     259    3.5      12    0.2   25152   99.7
NVC        7295   99.8     118    1.6      16    0.2   25161   99.7
RAV        7299   99.9     423    5.8       7    0.1   25211   99.9
SCN        7306  100.0      80    1.1       1    0.~   25227  100.~
VSP           2    0.~       0    0.0       2    0.~       2    0.~
--------------------------------------------------------------------
Mean              86.7%                                        86.2%
Mean (rate>10%)   94.0%                                        93.4%
--------------------------------------------------------------------

Table DOS.M2: "MacroVirus 2":
     Results of "In-The-Wild" Test for macro viruses:
=======================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     124  100.0%                                 1337  100.0%
--------------------------------------------------------------------
AVA         123   99.2       7    5.6       8    6.5    1318   98.6
AVG         124  100.0      12    9.7       1    0.8    1336   99.9
AVP         124  100.0      10    8.1       0    0.0    1337  100.0
CMD         124  100.0       6    4.8       1    0.8    1336   99.9
DRW         124  100.0      12    9.7       0    0.0    1337  100.0
FPR         124  100.0       6    4.8       1    0.8    1336   99.9
INO         124  100.0       9    7.3       0    0.0    1337  100.0
MR2          11    8.9       1    0.8       4    3.2     374   28.0
NAV         124  100.0      12    9.7       0    0.0    1337  100.0
NVC         124  100.0      13   10.5       2    1.6    1335   99.9
RAV         124  100.0      27   21.8       2    1.6    1334   99.8
SCN         124  100.0       8    6.5       0    0.0    1337  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean              85.2%                                        86.6%
Mean (rate>10%)   99.9%                                        99.8%
--------------------------------------------------------------------

Table DOS.M3V: "Comparison of Detection Rate of Packed Viruses":
     Results of Detection Rate of ITW macro viruses
     packed with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
================================================================
This includes Viruses detected per packer
--------------------------------------------------------------------------------------
           ARJ     %    CAB     %    LHA     %    RAR     % WinRAR 2.0 %    ZIP     %
--------------------------------------------------------------------------------------
Testbed    124 100.0%   124 100.0%   124 100.0%   124 100.0%   124 100.0%   124 100.0%
--------------------------------------------------------------------------------------
AVA          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
AVG        124 100.0      0   0.0      0   0.0    124 100.0    124 100.0    124 100.0
AVP        124 100.0    124 100.0    124 100.0    124 100.0    124 100.0    124 100.0
CMD        124 100.0    124 100.0    124 100.0    124 100.0    124 100.0    124 100.0
DRW        124 100.0    124 100.0      0   0.0    124 100.0    124 100.0    124 100.0
FPR        124 100.0    124 100.0    124 100.0    124 100.0    124 100.0    124 100.0
INO        124 100.0      0   0.0      0   0.0      0   0.0      0   0.0    124 100.0
MR2          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
NAV          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0    124 100.0
NVC        124 100.0      0   0.0      0   0.0      0   0.0      0   0.0    124 100.0
RAV        124 100.0    123  99.2      0   0.0    124 100.0    124 100.0    124 100.0
SCN        124 100.0    124 100.0    124 100.0    124 100.0    124 100.0    124 100.0
VSP          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
--------------------------------------------------------------------------------------
Mean            69.2%        46.1%        30.8%        53.9%        53.9%        76.9%
Mean rate>10%  100.0%        99.9%       100.0%       100.0%       100.0%       100.0%
--------------------------------------------------------------------------------------

Table DOS.M3F: "Comparison of Detection Rate of Packed Viral Objects":
     Results of Detection Rate of objects infected with ITW macro
     viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
========================================================================
This includes Viral objects detected per packer
--------------------------------------------------------------------------------------
           ARJ     %    CAB     %    LHA     %    RAR     % WinRAR 2.0 %    ZIP     %
--------------------------------------------------------------------------------------
Testbed   1337 100.0%  1337 100.0%  1337 100.0%  1337 100.0%  1337 100.0%  1337 100.0%
--------------------------------------------------------------------------------------
AVA          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
AVG       1336  99.9      0   0.0      0   0.0   1336  99.9   1336  99.9   1324  99.0
AVP       1337 100.0   1336  99.9   1337 100.0   1337 100.0   1337 100.0   1337 100.0
CMD       1336  99.9   1336  99.9   1336  99.9   1336  99.9   1336  99.9   1336  99.9
DRW       1337 100.0   1337 100.0      0   0.0   1337 100.0   1337 100.0   1337 100.0
FPR       1336  99.9   1336  99.9   1336  99.9   1336  99.9   1336  99.9   1336  99.9
INO       1337 100.0      0   0.0      0   0.0      0   0.0      0   0.0   1337 100.0
MR2          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
NAV          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0   1337 100.0
NVC       1335  99.9      0   0.0      0   0.0      0   0.0      0   0.0   1335  99.9
RAV       1271  95.1   1103  82.5      0   0.0   1265  94.6   1148  85.9   1271  95.1
SCN       1337 100.0   1337 100.0   1337 100.0   1337 100.0   1337 100.0   1337 100.0
VSP          0   0.0      0   0.0      0   0.0      0   0.0      0   0.0      0   0.0
--------------------------------------------------------------------------------------
Mean            68.8%        44.8%        30.8%        53.4%        52.4%        76.5%
Mean rate>10%   99.4%        97.0%       100.~         99.2%        97.9%        99.4%
--------------------------------------------------------------------------------------

Table DOS.M3a: "PKZIP-Packed Macro Viruses":
     Results of Detection of ITW Macro Viruses Packed with PKZIP:
==================================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     124  100.0%                                 1337  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG         124  100.0      11    8.9      10    8.1    1324   99.0
AVP         124  100.0      10    8.1       0    0.0    1337  100.0
CMD         124  100.0       6    4.8       1    0.8    1336   99.9
DRW         124  100.0      12    9.7       0    0.0    1337  100.0
FPR         124  100.0       6    4.8       1    0.8    1336   99.9
INO         124  100.0       9    7.3       0    0.0    1337  100.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV         124  100.0      12    9.7       0    0.0    1337  100.0
NVC         124  100.0      13   10.5       2    1.6    1335   99.9
RAV         124  100.0      27   21.8      22   17.7    1271   95.1
SCN         124  100.0       8    6.5       0    0.0    1337  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean              76.9%                                        76.5%
Mean (rate>10%)  100.0%                                        99.4%
--------------------------------------------------------------------

Table DOS.M3b: "LHA-Packed Macro Viruses":
     Results of Detection of ITW Macro Viruses Packed with LHA:
================================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     124  100.0%                                 1337  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG           0    0.0       0    0.0       0    0.0       0    0.0
AVP         124  100.0      10    8.1       0    0.0    1337  100.0
CMD         124  100.0       6    4.8       1    0.8    1336   99.9
DRW           0    0.0       0    0.0       0    0.0       0    0.0
FPR         124  100.0       6    4.8       1    0.8    1336   99.9
INO           0    0.0       0    0.0       0    0.0       0    0.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC           0    0.0       0    0.0       0    0.0       0    0.0
RAV           0    0.0       0    0.0       0    0.0       0    0.0
SCN         124  100.0       8    6.5       0    0.0    1337  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean              30.8%                                        30.8%
Mean (rate>10%)  100.0%                                       100.~
--------------------------------------------------------------------

Table DOS.M3c: "ARJ-Packed Macro Viruses":
     Results of Detection of ITW Macro Viruses Packed with ARJ:
================================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     124  100.0%                                 1337  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG         124  100.0      12    9.7       1    0.8    1336   99.9
AVP         124  100.0      10    8.1       0    0.0    1337  100.0
CMD         124  100.0       6    4.8       1    0.8    1336   99.9
DRW         124  100.0      12    9.7       0    0.0    1337  100.0
FPR         124  100.0       6    4.8       1    0.8    1336   99.9
INO         124  100.0       9    7.3       0    0.0    1337  100.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC         124  100.0      13   10.5       2    1.6    1335   99.9
RAV         124  100.0      27   21.8      22   17.7    1271   95.1
SCN         124  100.0       8    6.5       0    0.0    1337  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean              69.2%                                        68.8%
Mean (rate>10%)  100.0%                                        99.4%
--------------------------------------------------------------------

Table DOS.M3d: "RAR-Packed Macro Viruses":
     Results of Detection of ITW Macro Viruses Packed with RAR:
================================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     124  100.0%                                 1337  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG         124  100.0      12    9.7       1    0.8    1336   99.9
AVP         124  100.0      10    8.1       0    0.0    1337  100.0
CMD         124  100.0       6    4.8       1    0.8    1336   99.9
DRW         124  100.0      12    9.7       0    0.0    1337  100.0
FPR         124  100.0       6    4.8       1    0.8    1336   99.9
INO           0    0.0       0    0.0       0    0.0       0    0.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC           0    0.0       0    0.0       0    0.0       0    0.0
RAV         124  100.0      26   21.0      27   21.8    1265   94.6
SCN         124  100.0       8    6.5       0    0.0    1337  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean              53.9%                                        53.4%
Mean (rate>10%)  100.0%                                        99.2%
--------------------------------------------------------------------

Table DOS.M3e: "WINRAR-Packed Macro Viruses":
     Results of Detection of ITW Macro Viruses Packed with WINRAR 2.0:
===================================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     124  100.0%                                 1337  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG         124  100.0      12    9.7       1    0.8    1336   99.9
AVP         124  100.0      10    8.1       0    0.0    1337  100.0
CMD         124  100.0       6    4.8       1    0.8    1336   99.9
DRW         124  100.0      12    9.7       0    0.0    1337  100.0
FPR         124  100.0       6    4.8       1    0.8    1336   99.9
INO           0    0.0       0    0.0       0    0.0       0    0.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC           0    0.0       0    0.0       0    0.0       0    0.0
RAV         124  100.0      26   21.0      25   20.2    1148   85.9
SCN         124  100.0       8    6.5       0    0.0    1337  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean              53.9%                                        52.7%
Mean (rate>10%)  100.0%                                        99.9%
--------------------------------------------------------------------

Table DOS.M3f: "CAB-Packed Macro Viruses":
     Results of Detection of ITW Macro Viruses Packed with CAB:
================================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     124  100.0%                                 1337  100.0%
--------------------------------------------------------------------
AVA           0    0.0       0    0.0       0    0.0       0    0.0
AVG           0    0.0       0    0.0       0    0.0       0    0.0
AVP         124  100.0      10    8.1       1    0.8    1336   99.9
CMD         124  100.0       6    4.8       1    0.8    1336   99.9
DRW         124  100.0      12    9.7       0    0.0    1337  100.0
FPR         124  100.0       6    4.8       1    0.8    1336   99.9
INO           0    0.0       0    0.0       0    0.0       0    0.0
MR2           0    0.0       0    0.0       0    0.0       0    0.0
NAV           0    0.0       0    0.0       0    0.0       0    0.0
NVC           0    0.0       0    0.0       0    0.0       0    0.0
RAV         123   99.2      26   21.0       5    4.0    1103   82.5
SCN         124  100.0       8    6.5       0    0.0    1337  100.0
VSP           0    0.0       0    0.0       0    0.0       0    0.0
--------------------------------------------------------------------
Mean              46.1%                                        44.8%
Mean (rate>10%)   99.9%                                        97.0%
--------------------------------------------------------------------

Table DOS.M4: "False Positive" macro virus detection:
     Results of "full" Zoo test for non-viral (clean) macro
     objects detected as "false positives":
==============================================================
         False positive
Scanner       detection
-----------------------------
Testbed     329  100.0%
-----------------------------
AVA           0    0.0
AVG           0    0.0
AVP           5    1.5
CMD           2    0.6
DRW          29    8.8
FPR           2    0.6
INO           0    0.0
MR2          20    6.1
NAV           0    0.0
NVC           5    1.5
RAV           2    0.6
SCN           0    0.0
VSP           0    0.0
-----------------------------
Mean               1.5%
-----------------------------

Table DOS.M5: "Macro-Malware":
     Results of "full" Zoo Test for Macro-related malware:
=====================================================
This includes  Malware     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     450  100.0%                                  747  100.0%
--------------------------------------------------------------------
AVA         362   80.4       3    0.7      10    2.2     582   77.9
AVG         361   80.2       1    0.2       5    1.1     621   83.1
AVP         450  100.0       1    0.2       1    0.2     745   99.7
CMD         447   99.3       2    0.4       0    0.0     735   98.4
DRW         410   91.1      30    6.7       8    1.8     683   91.4
FPR         447   99.3       2    0.4       0    0.0     735   98.4
INO         422   93.8      17    3.8       1    0.2     709   94.9
MR2         133   29.6      18    4.0       2    0.4     205   27.4
NAV         419   93.1      39    8.7       8    1.8     681   91.2
NVC         442   98.2      13    2.9       2    0.4     711   95.2
RAV         447   99.3      39    8.7       4    0.9     730   97.7
SCN         450  100.0       5    1.1       2    0.4     745   99.7
VSP           1    0.2       0    0.0       0    0.0       1    0.1
--------------------------------------------------------------------
Mean              81.9%                                        81.2%
Mean (rate>10%)   88.7%                                        87.9%
--------------------------------------------------------------------

Table DOS.S1: "ScriptVirus 1":
     Results of "full" Zoo test for script viruses:
======================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     823  100.0%                                 1574  100.0%
--------------------------------------------------------------------
AVA         259   31.5       6    0.7      47    5.7     565   35.9
AVG         526   63.9      32    3.9      46    5.6    1014   64.4
AVP         814   98.9      83   10.1       1    0.1    1562   99.2
CMD         733   89.1     112   13.6      25    3.0    1342   85.3
DRW         779   94.7     120   14.6      22    2.7    1436   91.2
FPR         730   88.7     107   13.0      28    3.4    1335   84.8
INO         779   94.7     114   13.9      31    3.8    1457   92.6
MR2         667   81.0     109   13.2      71    8.6    1146   72.8
NAV         798   97.0     246   29.9      27    3.3    1497   95.1
NVC         721   87.6      79    9.6      35    4.3    1270   80.7
RAV         791   96.1     108   13.1      26    3.2    1496   95.0
SCN         820   99.6      72    8.7       1    0.1    1570   99.7
VSP         668   81.2      96   11.7      72    8.7    1148   72.9
--------------------------------------------------------------------
Mean              84.9%                                        82.3%
Mean (rate>10%)   84.9%                                        82.3%
--------------------------------------------------------------------

Table DOS.S2: "ScriptVirus 2":
     Results of "In-The-Wild" Test for Script viruses:
=======================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed      20  100.0%                                  122  100.0%
--------------------------------------------------------------------
AVA          20  100.0       0    0.0       3   15.0     114   93.4
AVG          20  100.0       3   15.0       0    0.0     122  100.0
AVP          20  100.0       3   15.0       0    0.0     122  100.0
CMD          20  100.0       4   20.0       0    0.0     122  100.0
DRW          20  100.0       2   10.0       0    0.0     122  100.0
FPR          20  100.0       4   20.0       0    0.0     122  100.0
INO          20  100.0       5   25.0       1    5.0     121   99.2
MR2          18   90.0       4   20.0       4   20.0      99   81.1
NAV          20  100.0       6   30.0       0    0.0     122  100.0
NVC          20  100.0       9   45.0       0    0.0     122  100.0
RAV          20  100.0       7   35.0       0    0.0     122  100.0
SCN          20  100.0       3   15.0       0    0.0     122  100.0
VSP          18   90.0       4   20.0       4   20.0      99   81.1
--------------------------------------------------------------------
Mean              98.5%                                        96.5%
Mean (rate>10%)   98.5%                                        96.5%
--------------------------------------------------------------------

Table DOS.S5: "Script-Malware":
     Results of "full" Zoo Test for Script-related malware:
=====================================================
This includes  Viruses     ---- unreliably ----               Files
Scanner       detected     identified       detected       detected
--------------------------------------------------------------------
Testbed     117  100.0%                                  202  100.0%
--------------------------------------------------------------------
AVA           2    1.7       0    0.0       0    0.0       2    1.0
AVG          14   12.0       0    0.0       1    0.9      15    7.4
AVP         112   95.7      18   15.4       3    2.6     189   93.6
CMD          33   28.2      16   13.7       6    5.1      36   17.8
DRW          72   61.5      14   12.0      10    8.5     120   59.4
FPR          33   28.2      16   13.7       6    5.1      36   17.8
INO          82   70.1      33   28.2      12   10.3     114   56.4
MR2          32   27.4       4    3.4       5    4.3      33   16.3
NAV         108   92.3      36   30.8       8    6.8     163   80.7
NVC          24   20.5       0    0.0       3    2.6      32   15.8
RAV          96   82.1      12   10.3      10    8.5     145   71.8
SCN         115   98.3      10    8.5       4    3.4     188   93.1
VSP          32   27.4       4    3.4       5    4.3      33   16.3
--------------------------------------------------------------------
Mean              49.7%                                        42.1%
Mean (rate>10%)   53.6%                                        45.6%
--------------------------------------------------------------------